Bug 782060 - ntpq is very slow
ntpq is very slow
Status: VERIFIED FIXED
Classification: openSUSE
Product: openSUSE 12.2
Classification: openSUSE
Component: Other
Final
x86-64 openSUSE 12.2
: P5 - None : Normal (vote)
: ---
Assigned To: Peter Varkoly
E-mail List
maint:running:62642:low maint:release...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-09-25 14:08 UTC by Bernhard Wiedemann
Modified: 2016-08-18 15:53 UTC (History)
4 users (show)

See Also:
Found By: Development
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
patch: don't ask for ntp service (394 bytes, patch)
2012-11-12 14:20 UTC, Bernhard Wiedemann
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Bernhard Wiedemann 2012-09-25 14:08:14 UTC
# time ntpq -pn
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 127.127.1.0     .LOCL.          10 l  54m   64    0    0.000    0.000   0.000
*5.9.55.149      130.133.1.10     2 u  162  256  377    4.528    0.075   1.051
-176.28.8.111    187.95.28.233    3 u   64  256  377   13.549  -11.302   1.331
+38.229.71.1     172.16.32.4      2 u  137  256  377  117.416    1.492   2.391
+199.167.198.163 128.4.1.1        2 u  141  256  377   94.616   -2.757   0.575

real    0m0.900s
user    0m0.780s
sys     0m0.088s

strace -o /tmp/ntpq.strace ntpq -pn
grep "Active Measurement Protocol" /tmp/ntpq.strace|wc -l
64

So for some reason it is reading /etc/services 64 times.

while
strace -o /tmp/getent.strace getent services ntp
shows that it just reads the file once.
Comment 1 Bernhard Wiedemann 2012-09-25 14:16:14 UTC
for comparison: on a debian/6.0.5(squeeze) system with ntp-4.2.6
it takes 0.003 s
reading /etc/services 8 times
and the file is only 20kB there instead of our 748kB
Comment 2 Bernhard Wiedemann 2012-11-12 14:20:19 UTC
Created attachment 512792 [details]
patch: don't ask for ntp service

With help of Andreas Schwab I found this.
I verified that this one-line patch speeds up ntpq -pn by a factor of 7.
The alternative is to add
	hints.ai_socktype = SOCK_DGRAM;

The underlying problem is that getaddrinfo will read /etc/services
once for every possible protocol, if you don't specify either
ai_socktype or ai_protocol
and for protocols other than tcp and udp, 
it will read the big file until the very end.
Also nscd is not configured to cache services.
Comment 3 Bernhard Wiedemann 2012-11-12 16:43:09 UTC
btw: in SLE-11-SP2, nscd supports caching services by default
and even without that, ntpq -pn is faster (approx factor 5)
only reading the full /etc/services 4 times
and the beginning (up to port 123) of it another 4 times
Comment 4 Andreas Schwab 2012-11-12 17:02:43 UTC
unscd doesn't appear to support services caching.
Comment 5 Bernhard Wiedemann 2012-12-11 08:57:11 UTC
FYI, I opened https://build.opensuse.org/request/show/144377
which I tested on two different machines to give a speedup factor
between 8 and 10.
Comment 6 Bernhard Wiedemann 2012-12-14 13:21:45 UTC
For fun I tested in kvm my old SuSE-8.2 based LiveCD from
http://lsmod.de/bootcd/bmwinux-8.2-040808.iso
with glibc-2.3.2 and xntp-4.1.1
and even without nscd it took only 3ms - way faster than later versions.

strace showed that it opened /etc/services exactly once.
Comment 7 Bernhard Wiedemann 2012-12-28 13:01:39 UTC
filed upstream at
http://bugs.ntp.org/show_bug.cgi?id=2320
Comment 8 Bernhard Wiedemann 2013-01-18 14:00:17 UTC
This is an autogenerated message for OBS integration:
This bug (782060) was mentioned in
https://build.opensuse.org/request/show/148946 Factory / ntp
Comment 9 Peter Varkoly 2014-04-07 09:03:20 UTC
patch applied
Comment 10 Reinhard Max 2015-11-06 09:31:28 UTC
I'll change this patch to use

hints.ai_socktype = SOCK_DGRAM;

as suggested in comment 2, because we're resolving for a UDP socket here, so we should specify that in the query.

Setting the 2nd argument of getaddrinfo() to NULL asks for an arbitrary port rather than the port for NTP (123), and I wonder why this change hasn't broken anything (or it has and we just didn't notice).

BTW, if reading /etc/services once is still too much, we can additionally change "ntp" to "123" and set the AI_NUMERICSRV flag, to disable name resolution on the service argument entirely, as it is already being done for the node argument.
Comment 11 Bernhard Wiedemann 2015-11-15 18:32:32 UTC
(In reply to Reinhard Max from comment #10)
> Setting the 2nd argument of getaddrinfo() to NULL asks for an arbitrary port
> rather than the port for NTP (123), and I wonder why this change hasn't
> broken anything (or it has and we just didn't notice).

getaddrinfo(3) says about the 2nd argument
> If service is NULL, then the port number
> of the returned socket addresses will be left uninitialized.

which is exactly what we want here, because we dont need the port number
and would just throw away the value which we looked up in /etc/services
(unless the surrounding code changed a lot)

Though doing one lookup per IP for UDP would still be a lot better
than the original 10 or so lookups
Comment 13 Swamp Workflow Management 2016-04-28 17:09:04 UTC
SUSE-SU-2016:1175-1: An update that solves 12 vulnerabilities and has 8 fixes is now available.

Category: security (important)
Bug References: 782060,784760,916617,951559,951629,956773,962318,962784,962802,962960,962966,962970,962988,962994,962995,962997,963000,963002,975496,975981
CVE References: CVE-2015-5300,CVE-2015-7973,CVE-2015-7974,CVE-2015-7975,CVE-2015-7976,CVE-2015-7977,CVE-2015-7978,CVE-2015-7979,CVE-2015-8138,CVE-2015-8139,CVE-2015-8140,CVE-2015-8158
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    ntp-4.2.8p6-8.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    ntp-4.2.8p6-8.2
Comment 14 Swamp Workflow Management 2016-04-28 17:12:38 UTC
SUSE-SU-2016:1177-1: An update that solves 12 vulnerabilities and has 8 fixes is now available.

Category: security (important)
Bug References: 782060,916617,937837,951559,951629,956773,962318,962784,962802,962960,962966,962970,962988,962994,962995,962997,963000,963002,975496,975981
CVE References: CVE-2015-5300,CVE-2015-7973,CVE-2015-7974,CVE-2015-7975,CVE-2015-7976,CVE-2015-7977,CVE-2015-7978,CVE-2015-7979,CVE-2015-8138,CVE-2015-8139,CVE-2015-8140,CVE-2015-8158
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    yast2-ntp-client-3.1.22-6.2
SUSE Linux Enterprise Server 12-SP1 (src):    ntp-4.2.8p6-8.2, yast2-ntp-client-3.1.22-6.2
SUSE Linux Enterprise Desktop 12-SP1 (src):    ntp-4.2.8p6-8.2, yast2-ntp-client-3.1.22-6.2
Comment 15 Swamp Workflow Management 2016-05-06 11:07:58 UTC
SUSE-SU-2016:1247-1: An update that solves 28 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 782060,905885,910063,916617,920238,926510,936327,937837,942587,944300,946386,951559,951608,951629,954982,956773,962318,962784,962802,962960,962966,962970,962988,962994,962995,962997,963000,963002,975496,975981
CVE References: CVE-2015-5300,CVE-2015-7691,CVE-2015-7692,CVE-2015-7701,CVE-2015-7702,CVE-2015-7703,CVE-2015-7704,CVE-2015-7705,CVE-2015-7848,CVE-2015-7849,CVE-2015-7850,CVE-2015-7851,CVE-2015-7852,CVE-2015-7853,CVE-2015-7854,CVE-2015-7855,CVE-2015-7871,CVE-2015-7973,CVE-2015-7974,CVE-2015-7975,CVE-2015-7976,CVE-2015-7977,CVE-2015-7978,CVE-2015-7979,CVE-2015-8138,CVE-2015-8139,CVE-2015-8140,CVE-2015-8158
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    yast2-ntp-client-3.1.12.4-8.2
SUSE Linux Enterprise Server 12 (src):    ntp-4.2.8p6-46.5.2, yast2-ntp-client-3.1.12.4-8.2
SUSE Linux Enterprise Desktop 12 (src):    ntp-4.2.8p6-46.5.2, yast2-ntp-client-3.1.12.4-8.2
Comment 16 Swamp Workflow Management 2016-05-12 19:07:55 UTC
openSUSE-SU-2016:1292-1: An update that solves 12 vulnerabilities and has 8 fixes is now available.

Category: security (important)
Bug References: 782060,916617,937837,951559,951629,956773,962318,962784,962802,962960,962966,962970,962988,962994,962995,962997,963000,963002,975496,975981
CVE References: CVE-2015-5300,CVE-2015-7973,CVE-2015-7974,CVE-2015-7975,CVE-2015-7976,CVE-2015-7977,CVE-2015-7978,CVE-2015-7979,CVE-2015-8138,CVE-2015-8139,CVE-2015-8140,CVE-2015-8158
Sources used:
openSUSE Leap 42.1 (src):    ntp-4.2.8p6-15.1, yast2-ntp-client-3.1.22-6.1
Comment 17 Swamp Workflow Management 2016-05-17 13:09:29 UTC
SUSE-SU-2016:1311-1: An update that solves 30 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 782060,784760,905885,910063,916617,920183,920238,926510,936327,937837,942441,942587,943216,943218,944300,946386,951351,951559,951608,951629,954982,956773,962318,962784,962802,962960,962966,962970,962988,962994,962995,962997,963000,963002,975496,975981
CVE References: CVE-2015-5194,CVE-2015-5219,CVE-2015-5300,CVE-2015-7691,CVE-2015-7692,CVE-2015-7701,CVE-2015-7702,CVE-2015-7703,CVE-2015-7704,CVE-2015-7705,CVE-2015-7848,CVE-2015-7849,CVE-2015-7850,CVE-2015-7851,CVE-2015-7852,CVE-2015-7853,CVE-2015-7854,CVE-2015-7855,CVE-2015-7871,CVE-2015-7973,CVE-2015-7974,CVE-2015-7975,CVE-2015-7976,CVE-2015-7977,CVE-2015-7978,CVE-2015-7979,CVE-2015-8138,CVE-2015-8139,CVE-2015-8140,CVE-2015-8158
Sources used:
SUSE OpenStack Cloud 5 (src):    ntp-4.2.8p6-41.1
SUSE Manager Proxy 2.1 (src):    ntp-4.2.8p6-41.1
SUSE Manager 2.1 (src):    ntp-4.2.8p6-41.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    ntp-4.2.8p6-41.1
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    ntp-4.2.8p6-41.1, yast2-ntp-client-2.17.14.1-1.12.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    ntp-4.2.8p6-41.1
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    ntp-4.2.8p6-41.1
Comment 18 Bernhard Wiedemann 2016-05-18 10:00:15 UTC
This is an autogenerated message for OBS integration:
This bug (782060) was mentioned in
https://build.opensuse.org/request/show/396591 13.2 / ntp
Comment 19 Swamp Workflow Management 2016-05-27 13:15:53 UTC
openSUSE-SU-2016:1423-1: An update that fixes 37 vulnerabilities is now available.

Category: security (moderate)
Bug References: 782060,905885,910063,916617,920238,926510,936327,942587,944300,946386,951559,951608,951629,954982,956773,957226,962318,962784,962802,962960,962966,962970,962988,962995,963000,963002,975496,977446,977450,977451,977452,977455,977457,977458,977459,977461,977464
CVE References: CVE-2015-5300,CVE-2015-7691,CVE-2015-7692,CVE-2015-7701,CVE-2015-7702,CVE-2015-7703,CVE-2015-7704,CVE-2015-7705,CVE-2015-7848,CVE-2015-7849,CVE-2015-7850,CVE-2015-7851,CVE-2015-7852,CVE-2015-7853,CVE-2015-7854,CVE-2015-7855,CVE-2015-7871,CVE-2015-7973,CVE-2015-7974,CVE-2015-7975,CVE-2015-7976,CVE-2015-7977,CVE-2015-7978,CVE-2015-7979,CVE-2015-8138,CVE-2015-8139,CVE-2015-8140,CVE-2015-8158,CVE-2016-1547,CVE-2016-1548,CVE-2016-1549,CVE-2016-1550,CVE-2016-1551,CVE-2016-2516,CVE-2016-2517,CVE-2016-2518,CVE-2016-2519
Sources used:
openSUSE 13.2 (src):    ntp-4.2.8p7-25.15.1
Comment 20 Swamp Workflow Management 2016-06-14 15:33:08 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2016-06-21.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62822
Comment 21 Swamp Workflow Management 2016-07-29 17:08:56 UTC
SUSE-SU-2016:1912-1: An update that solves 43 vulnerabilities and has 9 fixes is now available.

Category: security (important)
Bug References: 782060,784760,905885,910063,916617,920183,920238,920893,920895,920905,924202,926510,936327,943218,943221,944300,951351,951559,951629,952611,957226,962318,962784,962802,962960,962966,962970,962988,962995,963000,963002,975496,977450,977451,977452,977455,977457,977458,977459,977461,977464,979302,981422,982056,982064,982065,982066,982067,982068,988417,988558,988565
CVE References: CVE-2015-1798,CVE-2015-1799,CVE-2015-5194,CVE-2015-5300,CVE-2015-7691,CVE-2015-7692,CVE-2015-7701,CVE-2015-7702,CVE-2015-7703,CVE-2015-7704,CVE-2015-7705,CVE-2015-7848,CVE-2015-7849,CVE-2015-7850,CVE-2015-7851,CVE-2015-7852,CVE-2015-7853,CVE-2015-7854,CVE-2015-7855,CVE-2015-7871,CVE-2015-7973,CVE-2015-7974,CVE-2015-7975,CVE-2015-7976,CVE-2015-7977,CVE-2015-7978,CVE-2015-7979,CVE-2015-8138,CVE-2015-8158,CVE-2016-1547,CVE-2016-1548,CVE-2016-1549,CVE-2016-1550,CVE-2016-1551,CVE-2016-2516,CVE-2016-2517,CVE-2016-2518,CVE-2016-2519,CVE-2016-4953,CVE-2016-4954,CVE-2016-4955,CVE-2016-4956,CVE-2016-4957
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src):    ntp-4.2.8p8-0.7.1